Browse all 9 CVE security advisories affecting wpdive. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wpdive is a WordPress security scanner designed to detect vulnerabilities in WordPress websites and plugins. Historically, it has been associated with multiple security issues, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. The tool has recorded 9 CVEs, with several critical flaws allowing unauthorized access or code execution. Notable characteristics include its aggressive scanning approach, which has sometimes led to false positives, and past incidents where the tool itself was compromised, resulting in malicious versions being distributed. Despite these issues, wpdive remains used for WordPress vulnerability assessment, though users should verify tool integrity before deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2503 | ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter — ElementCampCWE-89 | 6.5 | Medium | 2026-03-21 |
| CVE-2026-24556 | WordPress ElementCamp plugin <= 2.3.2 - Broken Access Control vulnerability — ElementCampCWE-862 | 5.3 | Medium | 2026-01-23 |
This page lists every published CVE security advisory associated with wpdive. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.